Subscription to the full report on a daily basis can be obtained:
Send an e-mail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Wednesday, February 20, 2008

Daily Report

• According to the Associated Press, Amtrak is launching new security measures that include random screening of Amtrak passengers’ carry-on bags. In addition to the screening, counterterrorism officers with bomb-sniffing dogs will patrol platforms and walk through trains, and sometimes will ride the trains. Amtrak plans to roll out the new “mobile security teams” first on the Northeast Corridor between Washington and Boston, before expanding them to the rest of the country. (See item 17)

• The Associated Press reports the U.S. Department of Agriculture ordered Sunday the recall of 143 million pounds of beef from the Westland/Hallmark Meat Co. slaughterhouse in Chino, California, where operations were suspended after an undercover video surfaced showing crippled and sick animals being shoved with forklifts. Officials estimate that about 37 million pounds of the recalled beef went to school programs, but they believe most of the meat probably has already been eaten. (See item 22)

Information Technology

30. February 19, TMCnet – (National) Cisco issues security alerts for its unified communications products. Cisco has issued two security alerts relating to flaws in its unified communications products which could enable hackers to launch denial of service attacks or hack into company telephony systems and retrieve sensitive information, among other annoyances. According to published reports, one of the alerts concerns a flaw in certain Cisco Unified IP Phone models running its Skinny Call Control Protocol (SCCP) and/or Session Initiation Protocol (SIP). The other alert relates to a vulnerability which might enable a hacker to launch an SQL Injection attack affecting Cisco’s Unified Communications Manager software. Numerous models of Cisco’s SCCP- and SIP-based phones contain a buffer overflow vulnerability in the handling of DNS responses. The company said a hacker launching a specially-crafted DNS response might be able to trigger a buffer overflow and execute arbitrary code on a vulnerable phone. The company has already patched the vulnerability in SCCP firmware version 8.0(8) and SIP firmware version 8.8(0), but certain other versions are still vulnerable. Cisco has reportedly released free software updates to address the vulnerability in Unified Communications Manager, which could open it up to an SQL injection attack in the parameter key of the administrator and user interface pages. Such an attack could give a hacker access to usernames and password hashes that are stored in the database.
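The item above describes two distinct defects: a DNS-response buffer overflow in the phone firmware and a SQL injection through a request parameter on the Communications Manager administration pages. The following added example (not Cisco's code, and not from the article) illustrates the second one against a constructed in-memory SQLite table that stands in for a telephony manager's user store: a lookup that concatenates the request parameter into the query lets an attacker-controlled parameter rewrite the query and return password hashes, while the parameterized version returns nothing for the same input. The table names, columns and hash values are constructed for the example; `is_valid_key` is an added allow-list check, not anything the product does.

```python
import re
import sqlite3

# Constructed sample data; schema and values are invented for this example.
SAMPLE_USERS = [
    ("admin", "constructed-hash-of-admin-password"),
    ("operator", "constructed-hash-of-operator-password"),
]
SAMPLE_SETTINGS = [("theme", "dark"), ("locale", "en_US")]

# Allow-list for the lookup key: defense in depth in front of the query.
KEY_PATTERN = re.compile(r"^[A-Za-z0-9_]{1,64}$")


def build_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE settings (key TEXT, value TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO settings VALUES (?, ?)", SAMPLE_SETTINGS)
    conn.commit()
    return conn


def lookup_setting_vulnerable(conn, key):
    """The defect: the request parameter becomes part of the SQL text, so a
    quote in it closes the literal and the rest is executed as SQL."""
    sql = "SELECT value FROM settings WHERE key = '" + key + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_setting_safe(conn, key):
    """The fix: the driver binds the parameter as data, never as SQL."""
    rows = conn.execute("SELECT value FROM settings WHERE key = ?", (key,))
    return [row[0] for row in rows]


def is_valid_key(key):
    """Reject anything that is not a plain identifier before it reaches the query."""
    return bool(KEY_PATTERN.match(key))


if __name__ == "__main__":
    db = build_db()
    # The textbook UNION injection: an empty match on settings unioned with another table.
    crafted = "x' UNION SELECT password_hash FROM users --"
    print("vulnerable:", lookup_setting_vulnerable(db, crafted))  # leaks the hashes
    print("safe:      ", lookup_setting_safe(db, crafted))        # []
    print("allow-list:", is_valid_key(crafted))                   # False
```

The detection angle for the same defect: a parameter value that contains a quote, `UNION` or a comment marker is itself a strong web-log signal, which is what the allow-list check above is enforcing at the input boundary.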

31. February 19, IDG News Service – (National) Opera, Firefox bug could export users’ Web history. A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what Web sites a person has visited. The problem concerns how the two browsers handle a “.BMP” – or bitmap – image file, according to an advisory on Vexillium.org, which included a video illustrating the problem. A malicious bitmap file can be created that pulls other information from the browsers’ memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said. “The harvested data contains various information including parts of other Web sites, users’ favorites and history, and other information,” Vexillium.org said. Using the “canvas” HTML (Hypertext Markup Language) tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server. The flaw could also crash Firefox. The vulnerability affects Firefox 2.0.0.11 and previous versions of that browser, as well as the beta version of Opera 9.50.

32. February 18, ars technica – (National) New BotSniffer better able to detect botnets. Researchers at Georgia Tech have published a paper on BotSniffer – a program they have designed to detect and disable botnets. BotSniffer is not the only bot-detection program available, but the Georgia Tech research team believes that the program’s approach to the botnet issue results in a better correlation rate and a lower number of false positives. BotSniffer is designed to detect botnets using either IRC or HTTP protocols, i.e. “push” or “pull” botnets. The program uses a detection method referred to as “Spatial-Temporal Correlation and Similarity” when searching for the presence of a botnet over the network. Spatial-Temporal Correlation and Similarity relies on the assumption that all botnets, regardless of function, will have to communicate with a master node in order to receive updates and instructions. Unlike humans, botnets tend to communicate in a highly synchronized fashion. BotSniffer specifically watches for these types of “response crowd” communications. If a group of responses qualifies as both consistent and synchronous, the systems in question are much more likely to be part of a botnet than a group of humans communicating with each other. Approaching the problem from this angle allows BotSniffer to theoretically detect the presence of a botnet even when overall network communication is low.
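The "response crowd" idea above can be shown on a handful of records. The following is an added illustration, not the BotSniffer implementation and not code from the Georgia Tech paper: it buckets outbound messages per destination into fixed time windows (the temporal side), counts how many distinct internal hosts spoke in each window (the spatial side), and flags a window when most of those hosts sent the same message (similarity, simplified here to exact match; the paper's similarity measure is not on the page). A second pass names destinations that produce repeated crowds, which is the evidence-accumulation step the article alludes to. The log format and every address and message are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed records: "<epoch seconds> <internal host> <destination> <message>".
# The first eight lines mimic four hosts answering one controller in lockstep;
# the last four mimic people chatting on a shared server at human pace.
SAMPLE_LOG = """\
1203400000 10.0.0.11 203.0.113.5 JOIN #c2
1203400001 10.0.0.12 203.0.113.5 JOIN #c2
1203400001 10.0.0.13 203.0.113.5 JOIN #c2
1203400002 10.0.0.14 203.0.113.5 JOIN #c2
1203400060 10.0.0.11 203.0.113.5 PRIVMSG #c2 :scan done
1203400060 10.0.0.12 203.0.113.5 PRIVMSG #c2 :scan done
1203400061 10.0.0.13 203.0.113.5 PRIVMSG #c2 :scan done
1203400062 10.0.0.14 203.0.113.5 PRIVMSG #c2 :scan done
1203400000 10.0.0.21 198.51.100.7 PRIVMSG #lunch :anyone up for pizza?
1203400040 10.0.0.22 198.51.100.7 PRIVMSG #lunch :sure, noon?
1203400095 10.0.0.23 198.51.100.7 PRIVMSG #lunch :can't today
1203400130 10.0.0.21 198.51.100.7 PRIVMSG #lunch :ok
"""


def parse_records(text):
    """Yield (timestamp, src, dst, message) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, msg = line.split(" ", 3)
        yield int(ts), src, dst, msg


def detect_response_crowds(text, window=10, min_hosts=3, min_similarity=0.8):
    """Flag (destination, window) pairs in which at least min_hosts distinct
    hosts sent a message and a fraction >= min_similarity sent the same one."""
    buckets = defaultdict(dict)  # (dst, window_start) -> {src: first message}
    for ts, src, dst, msg in parse_records(text):
        buckets[(dst, ts - ts % window)].setdefault(src, msg)

    alerts = []
    for (dst, start), hosts in sorted(buckets.items()):
        if len(hosts) < min_hosts:
            continue  # no crowd, whatever the content
        top_msg, top_n = Counter(hosts.values()).most_common(1)[0]
        similarity = top_n / len(hosts)
        if similarity >= min_similarity:
            alerts.append({"dst": dst, "window_start": start,
                           "hosts": sorted(hosts), "message": top_msg,
                           "similarity": similarity})
    return alerts


def suspected_controllers(alerts, min_windows=2):
    """Destinations that drew a response crowd in at least min_windows windows:
    one synchronized burst can be coincidence, repeated bursts rarely are."""
    per_dst = Counter(a["dst"] for a in alerts)
    return {dst for dst, n in per_dst.items() if n >= min_windows}


if __name__ == "__main__":
    found = detect_response_crowds(SAMPLE_LOG)
    for a in found:
        print(a["dst"], a["window_start"], a["hosts"], repr(a["message"]))
    print("suspected controllers:", suspected_controllers(found))
```

The thresholds are the whole tuning problem: a short window and a high similarity bar keep the false-positive rate down on ordinary chat and web traffic, while the per-destination accumulation is what lets the method work on a quiet network, since it needs only a few hosts to answer the same server at the same moment rather than a large traffic volume.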

33. February 19, TechWorld.com – (National) Vodafone’s Blackberries get disaster shield. Vodafone Group PLC will offer its BlackBerry customers a high availability and disaster recovery service – good news for corporate users who fear losing e-mail access on the platform. Based on Neverfail’s disaster recovery technology, the Vodafone Neverfail High Availability Service for BlackBerry monitors the health of the entire e-mail environment, including the server hardware, network infrastructure, application, and operating system. If any anomalies are identified, the service should immediately take action to prevent loss of service. The service promises to operate around the clock every day of the year. According to Vodafone, the service will either automatically attempt to restart applications before they fail, switch over to a secondary server, or alert the IT staff so that no downtime or loss of service is experienced. Once the issue is resolved, users are automatically switched back to the main servers, and neither users nor administrators are required to restart their applications. The service requires no SAN or cluster technology, and supports LAN and WAN environments.

34. February 18, Agence France Presse – (International) Saboteurs may have cut Mideast telecom cables: UN agency. Damage to several undersea telecom cables that caused outages across the Middle East and Asia could have been an act of sabotage, the International Telecommunication Union said on Monday. “We do not want to preempt the results of ongoing investigations, but we do not rule out that a deliberate act of sabotage caused the damage to the undersea cables over two weeks ago,” said the UN agency’s head of development. Five undersea cables were damaged in late January and early February leading to disruption to Internet and telephone services in parts of the Middle East and south Asia. There has been speculation that the sheer number of cables being cut over such a short period was too much of a coincidence and that sabotage must have been involved. India’s Flag telecom revealed on February 7 that the cut to the Falcon cable between the United Arab Emirates and Oman was caused by a ship’s anchor. But mystery shrouds what caused another four reported cuts. “Some experts doubt the prevailing view that the cables were cut by accident, especially as the cables lie at great depths under the sea and are not passed over by ships,” said the UN representative on the sidelines of a conference on cyber-crime held in Qatar. The Falcon cable has since been repaired, along with the Flag Europe Asia cable which was damaged off Egypt’s Mediterranean coast. The status of the remaining cable is still unclear.

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"